AWS Security Blog

Category: AWS Identity and Access Management (IAM)

Coming Soon! An Important Change to How You Manage Your AWS Account’s Access Keys

As part of our ongoing efforts to help keep your resources secure, on April 21, 2014, AWS removed the ability to retrieve existing secret access keys for your AWS (root) account. See the updated blog post Where’s My Secret Access Key? for more information about access keys and secret access keys. -Kai

Read More

Read What Others Recommend for IAM Best Practices

Here on the AWS Security Blog we’ve published several posts that recommend IAM best practices. We’re pleased to find that third-party bloggers are adding their own voices. Codeship, a company that provides a continuous code deployment and testing service, just published a great post about how to secure your AWS account using Identity and Access […]

Read More

High-Availability IAM Design Patterns

Today Will Kruse, Senior Security Engineer on the AWS Identity and Access Management (IAM) team, provides a tutorial on how to enable resiliency against authentication and authorization failures in an application deployed on Amazon EC2 using a high availability design pattern based on IAM roles. Background Many of you invest significant effort to ensure that a […]

Read More

How Do I Protect Cross-Account Access Using MFA?

Today AWS announced support for adding multi-factor authentication (MFA) for cross-account access. In this blog post, I will walk you through a common use case, including a code sample, which demonstrates how to create policies that enforce MFA when IAM users from one AWS account make programmatic requests for resources in a different account. Many […]

Read More

Dilbert Learns to Set Up Temporary Credentials

It seems that the topic of using temporary security credentials has been coming up at lot recently. Several weeks ago Rich Mogull expressed his chagrin for not using temporary credentials in his post titled, “My $500 Cloud Security Screw-up”. And over the weekend Scott Adams published a Dilbert comic poking fun of Dilbert not understanding […]

Read More

An Instructive Tale About Using IAM Best Practices

An interesting blog post came to our attention recently—My $500 Cloud Security Screw-up by Rich Mogull. He describes how he learned to adhere to several important AWS security principles through several unfortunate events.   Mike Pope, senior technical writer for AWS Identity, paraphrases the post here. Rich had inadvertently leaked his AWS access keys, allowing some […]

Read More

Make a New Year Resolution

Make a New Year Resolution for 2014 to adhere to best practices put forth by AWS Security and Identity.  There are two great pieces of work published in 2013 that are filled with guidance and are highly actionable.  AWS published the Security Best Practices whitepaper, providing a landscape of various security oriented technologies, including IAM, […]

Read More

Delegating API Access to AWS Services Using IAM Roles

Suppose you run a research lab and you dump a terabyte or so of data into Amazon DynamoDB for easy processing and analysis. Your colleagues at other labs and in the commercial sphere have become aware of your research and would like to reproduce your results and perform further analysis on their own. AWS supports this very important […]

Read More

AWS SDK Blog Posts About IAM Roles

The .NET Developers Blog recently published two easy-to-read posts about access key management for .NET applications. The first one goes through some of the background of access key management, as well as the use of IAM roles for EC2. The second post goes deeper into creating and using IAM users and groups instead of using root […]

Read More

IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)

In previous posts we’ve explained how to write S3 policies for the console and how to use policy variables to grant access to user-specific S3 folders. This week we’ll discuss another frequently asked-about topic: the distinction between IAM policies, S3 bucket policies, S3 ACLs, and when to use each. They’re all part of the AWS […]

Read More